Re: How to keep sensors in sync using NTP?

From: Jérôme Tytgat (j.tytgat@energis.fr)
Date: 10/17/02


From: Jérôme Tytgat <j.tytgat@energis.fr>
To: "Bruno Sicchieri" <bsicchieri@hotmail.com>, <focus-ids@securityfocus.com>
Date: Thu, 17 Oct 2002 10:52:14 +0200

Are you using snort with the option: snort -O?

snort -U stores local alerts in UTC time; this may be the problem.

----- Original Message -----
From: "Bruno Sicchieri" <bsicchieri@hotmail.com>
To: <focus-ids@securityfocus.com>
Sent: Tuesday, October 15, 2002 2:56 PM
Subject: How to keep sensors in sync using NTP?

>
>
> Hi all,
>
> I've just installed Snort, MySQL and ACID on Redhat7.3 following the Snort
> Installation Manual, by Steven J. Scott
> (http://home.earthlink.net/~sjscott007/)
>
> In one of the sections (Network Time Protocol - NTP) he explains how to
> keep accurate time on the sensors (Snort) without having to manually set
> the clocks, using NTP:
>
> 1) Editing the /etc/ntp.conf file and changing the server entry to reflect
> my timeserver and comment out the entry starting with "fudge"
> ------ntp.conf------
> server mytimeserver.com
> #fudge 127.127.1.0 stratum 10
> --------------------
>
> 2) # /etc/rc.d/init.d/ntpd start
> 3) # chkconfig ntpd on
>
> I'm using "ntp-4.1.1" and writing
> from "/usr/share/zoneinfo/America/Sao_Paulo" with "UTC=true"
> in /etc/sysconfig/clock file.
>
> Everything looks OK but the sensors stay 2 hours in advance. I already
> read the NTP manual but I still can't figure out what is happening.
>
> Could anyone help, please?
>
> Thanks, Bruno.
>
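
An added example, not part of the original thread: one way to tell a timestamp-presentation problem (UTC versus local logging, as with snort -U) apart from a clock that NTP has not actually corrected. The function name, sensor names and timestamps are constructed for illustration, and a fixed UTC-3 local offset is assumed (daylight saving is ignored).

```python
from datetime import datetime

def explain_skew(logged, true_utc, local_offset_hours, tolerance_s=2):
    """Classify the gap between a sensor's naive logged alert time and the
    true UTC time of the same event. Returns (verdict, residual_seconds)."""
    delta = (logged - true_utc).total_seconds()
    local = local_offset_hours * 3600
    if abs(delta) <= tolerance_s:
        return ("logs-utc", delta)            # clock correct, timestamps in UTC
    if abs(delta - local) <= tolerance_s:
        return ("logs-local", delta - local)  # clock correct, timestamps in local time
    # A residual that is an exact number of hours points at timezone or
    # hardware-clock configuration, not at NTP failing to discipline the clock.
    for base in (0, local):
        resid = delta - base
        hours = round(resid / 3600)
        if hours != 0 and abs(resid - hours * 3600) <= tolerance_s:
            return ("whole-hour-offset", resid)
    return ("clock-drift", delta)             # arbitrary gap: check NTP sync itself

# Constructed sample: one event seen by four sensors, true time in UTC.
TRUE_UTC = datetime(2002, 10, 15, 17, 56, 0)
LOCAL_OFFSET_HOURS = -3  # assumed fixed offset for the sensors' local zone
SAMPLES = {
    "sensor-a": datetime(2002, 10, 15, 17, 56, 1),   # logging in UTC
    "sensor-b": datetime(2002, 10, 15, 14, 56, 0),   # logging in local time
    "sensor-c": datetime(2002, 10, 15, 16, 56, 0),   # 2 hours ahead of local time
    "sensor-d": datetime(2002, 10, 15, 18, 3, 17),   # 437 s fast
}

def classify_all(samples=SAMPLES):
    """Return {sensor: verdict} for every sample alert timestamp."""
    return {name: explain_skew(ts, TRUE_UTC, LOCAL_OFFSET_HOURS)[0]
            for name, ts in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name}: {verdict}")
```

A "whole-hour-offset" verdict means the sensor's clock agrees with the reference to the second, so the place to look is the timezone and hardware-clock settings or the logging mode rather than ntpd.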


